Press Release 01/02/00

FOR IMMEDIATE RELEASE

RHP Studios Christmas

RHP Studios donates FREE Network Security Audits.

01/02/00 --

RHP Studios donated time during the Thanksgiving and Christmas holiday season to complete remote audits to anyone who requested them for FREE! This was a spur of the moment offer that quickly grew beyond expectations.

During this time, RHP Studios conducted close to 700 audits. The actual totals included 244 Commercial IP addresses, 479 Private or Residential IP addresses, and a grand total including re-evaluations after recommended "hardening" of systems of 1,210 audits. RHP Studios considers a Commercial IP to be any IP address either having a domain name registered with Internic or having an IP address with at least one system acting as a file server or Authentication Server. This does not include gateway, proxy, or router servers on a residential LAN.

A brief synopsis of what was found to be common on these systems follows:

174 (25%) of the systems contained active Trojans know at the time.

28 Commercial IP addresses had firewalls or packet filters or other IDS installed.

351 Private IP addresses had firewalls or packet filters or other IDS installed.

92 combined Commercial & Private IP addresses had properly configured firewalls, packet filters, or other IDS (Intrusion Detection). Several lost this count by having inappropriate warning software installed, such as Nukenabber.

533 of the Windows Operating Systems had Netbios enabled. Some of the firewalled systems had Netbios unfiltered to the outside world.

106 of the Netbios enabled systems contained active shares other than $IPCS

51 of the 696 Windows Operating Systems were identified as Windows NT 4.

43 of the 51 identified Windows NT 4 Systems had the Option Pack installed with the IIS web server vulnerable to the ../.. exploit in all but 1 (42 systems vulnerable)

260 Systems were running services known to have remote buffer overflows. The most common of these remote buffer overflow vulnerabilities was limited to the Private IP addresses with the applications Serv-U FTP Server, WarFTP Server, and ICQ. The Commercial IP addresses were also found to have services with known vulnerabilities or buffer overflows that were common. These included DNS, Bind, and the most common was Telnet

10 of the systems running identifiable proxy servers were using default setups and the proxy configurations could be changed at will.

As I analyzed the above statistics, doesn't something seem "out of place"? Did anyone else notice that there were more private individuals or small businesses running firewalls than commercial networks? What exactly could one interpret from those results? Does the above figures reflect all of corporate America? I think not. I do think much of the problem exists from "Lack of training" and/or "Lack of personnel and man hours to complete updates" or even "it'll never happen to me syndrome" exists after talking with the persons responsible for Administration of the commercial networks included in the audits. Wake up World!

RHP Studios will always offer FREE audits to dynamic residential and small business networks using a single IP address as their gateway. Contact RHP Studios for more information and scheduling.